Apple sold a cool 10 million iPhone 6 and 6 Plus devices in the first weekend of sales, and have shifted a record number of units since, however the real acid test for Apple starts now, with the official US launch of Apple Pay on Monday, October 20th. In addition to in-app purchases, Apple Pay will initially be available at 220,000 US retail locations.
Will the NFC-enabled devices really be a game-changer for mobile payments? While widespread merchant adoption and a seamless shopper experience are all important, security considerations are also critical if Apple Pay is to make a long-lasting impact on the payments ecosystem. However, Apple Pay’s use of tokenization to protect card data is seen as positive development for mobile payment security.
In this blog post we’ll be taking a closer look at the benefits of Apple’s approach to tokenization, how important payment security issues have been addressed, and how PAY.ON’s white label Apple Pay SDKsupports payment service providers who want to offer their merchants Apple Pay mobile payment integration.
Combining convenience and security
The convenience factor is evident enough, with payment confirmation via Apple’s Touch ID being a marked improvement on other mobile wallets that require manual PIN input for verification. Of course, convenience is subjective, and will largely be determined by consumer experience, as well as Apple Pay achieving widespread availability. However, with Apple’s market clout and track record of introducing disruptive technologies, Apple Pay is already poised to jump well clear of its competitors.
Security has already been the focus of much attention, in particular the approach to using tokenization to protect credit card data. In combination with biometric details (via Touch ID), this is a positive development for mobile payment security, though it’s a system that will certainly continue to evolve over time.
Apple Pay’s use of tokenization
Tokenization is something service providers, such as PAY.ON’s clients, have been using for many years to increase security and improve user experience, with one-click payments or recurring billing models. However it’s the way tokenization will be used in conjunction with other security features (two-step authentication) that promises privacy and security for shoppers. According to Apple, when card details are added to one of the new NFC-enabled devices, a connection is made to the token service provider, which returns a Device Account Number. This tokenized card data is then stored in the Secure Element of the phone, with requests for the encrypted information made via Touch ID. Only the token issuer (in this case credit card networks) can map back to the original card number.
Because the Apple Pay mobile wallet opens on the shopper’s device, responsibility for payment security shifts from retailers to Apple, reducing merchant risk. Given the payment data breaches that have made headlines in the US recently, this must be appealing for merchants, and may help drive merchant adoption. Freed up from handling credit card data, merchants become a less desirable target for fraud attempts and hackers.
There is also an additional layer of security, as each transaction – in addition to the token stored in the Secure Element – generates a unique cryptogram that verifies the token, and includes transaction and merchant information.
The movement towards a tokenization standard is a positive one for payments, but tokens and cryptograms being generated not only per device but per transaction will create a huge amount of data. This could create challenges surrounding data analysis and security, but it will be imperative for payment service providers to address these challenges and develop payment flows that work for issuers and acquirers.
A white label solution for mobile payment integration
With PAY.ON’s Apple Pay SDK– the first white label solution available – payment service providers will be able to offer their merchant clients a mobile payment integration that utilizes PAY.ON’s powerful omni-channel payment platform. The integration for the merchant is straightforward, and our solution addresses the challenge of security decryption of the tokenization request. Our clients will have the ability to support Apple Pay just like any other payment method.
Apple Pay, at least at the moment, is based on card payment, which raises the question of how the technology can be adapted to other payment methods, especially in Europe where there are numerous locally-preferred alternative payment methods. If Apple’s authentication mechanism is proven to work (and it should), it could translate to big payment opportunities in local markets